Germany is cracking down on the sale of smart watches aimed at kids between the ages of 5 and 12 years over concerns that they can be turned into spying devices. German telecom watchdog, the Federal Network Agency has banned the sale of the devices, and in an announcement made Friday, they said they had already taken action against some online sellers. As the BBC notes, though, it’s unclear whether Germany’s decision was based on privacy concerns (it’s illegal in Germany to manufacture, sell, or possess surveillance devices disguised as another object) or over security flaws that have been found in internet-enabled devices for kids that make them vulnerable to hacking.

Just last week, U.K. consumer rights group Which? (no, really, that’s its name) published its findings about four internet-enabled toys–the Furby Connect, I-Que Intelligent Robot, Toy-fi Teddy, and CloudPets cuddly toy–and if Santa’s elves are making them, they need to brush up on their security measures. In each case, Which? found that Bluetooth connections were not secure and easy to hack, and “in all cases, it was far too easy for someone to use the toy to talk to a child.” Furby maker Hasbro told the group they were confident they had “designed both the toy and the app to deliver a secure play experience,” because hacking a Furby would require close proximity, but there are ways to extend Bluetooth’s range. Which? says its findings are merely “the tip of a very worrying iceberg.”

Germany’s decision also comes in the wake of reports that kids’ smartwatches could be turned into spying devices. While Germany opted to ban their sale, Which? suggested simply not selling devices with known security and/or privacy risks to kids, which sounds like very practical advice that would be FBI-approved, if not Santa-approved.